ING Direct 2013 Annual Report Download - page 312

Download and view the complete annual report

Please find page 312 of the 2013 ING Direct annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 424

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332
  • 333
  • 334
  • 335
  • 336
  • 337
  • 338
  • 339
  • 340
  • 341
  • 342
  • 343
  • 344
  • 345
  • 346
  • 347
  • 348
  • 349
  • 350
  • 351
  • 352
  • 353
  • 354
  • 355
  • 356
  • 357
  • 358
  • 359
  • 360
  • 361
  • 362
  • 363
  • 364
  • 365
  • 366
  • 367
  • 368
  • 369
  • 370
  • 371
  • 372
  • 373
  • 374
  • 375
  • 376
  • 377
  • 378
  • 379
  • 380
  • 381
  • 382
  • 383
  • 384
  • 385
  • 386
  • 387
  • 388
  • 389
  • 390
  • 391
  • 392
  • 393
  • 394
  • 395
  • 396
  • 397
  • 398
  • 399
  • 400
  • 401
  • 402
  • 403
  • 404
  • 405
  • 406
  • 407
  • 408
  • 409
  • 410
  • 411
  • 412
  • 413
  • 414
  • 415
  • 416
  • 417
  • 418
  • 419
  • 420
  • 421
  • 422
  • 423
  • 424

Risk management continued ING Bank
Following the establishment of a Cybercrime Task Force in 2012, ING Bank has set up a Cybercrime Resilience Program in 2013 to
structurally address the cybercrime threats. Within the programme, ING Bank has defined a wide range of measures, on top of existing IT
security measures, to strengthen ING’s resilience against e-banking fraud, DDoS and targeted attacks (also called Advanced Persistent
Threats). To monitor and to respond to cybercrime effectively across ING Bank, a permanent central CyberCrime Emergency Response
Team has been established.
ING Bank is continuously working on strengthening its global cybercrime resilience including strengthened collaboration against
cybercrime with the financial industry, law enforcement authorities, government (e.g. National Cyber Security Center) and Internet Service
Providers (ISPs).
Advanced Measurement Approach (AMA)
ING Bank has an Operational Risk Capital model in place in which the risk profile is closely tailored to the internal profile of ING Bank and
its divisions by using scenario data for capturing severe risks and internal loss and Risk & Control Self-Assessment data for capturing
day-to-day risks. The business has a strong role in assessing scenario severities and the Operational Risk Management function in validating
the results. In 2013 workshops were held at the regional level and the scenario coverage has been expanded by introducing more relevant
scenario topics. The internal data based calculation is combined with an external loss data (ORX) based calculation. The better scenario
coverage is demonstrated for a unit of measure, the more weighting is given to scenarios in the calculation.
In April 2013 ING Bank obtained accreditation for use of its enhanced AMA model for regulatory supervision purposes. ING Bank is
reporting the regulatory capital numbers on a quarterly basis. The AMA capital for the fourth quarter of 2013 amounts to EUR 2,822
million. For the fourth quarter of 2012 the AMA capital amounted to EUR 2,836 million.
Compliance risk
Compliance risk is defined as the risk of impairment of ING Bank’s integrity as a result of failure (or perceived failure) to comply with
relevant laws, regulations, ING Bank policies and standards and the ING Bank Business Principles. In addition to reputational damage,
failure to effectively manage compliance risks could expose ING Bank to fines, civil and criminal penalties, and payment of damages, court
orders and suspension or revocation of licenses, which would adversely impact customers, staff, shareholders and other stakeholders of
ING Bank.
The compliance risk management function supports management in mitigating the compliance risks and by establishing a compliance
control framework derived from laws, regulations and standards. The compliance risk management function actively educates and
supports the business in managing compliance risks related, but not limited to, money laundering, terrorist financing, sanction and export
control compliance, conflicts of interest, mis-selling, bribery and protection of customer interests.
ING Bank categorises compliance risk into four conduct-related integrity risk areas: client conduct, personal conduct, organisational
conduct and financial conduct. ING Bank has a Whistleblower Policy which encourages staff to speak up if they know or suspect a breach
of external regulations, internal policies or Business Principles.
Financial Economic Crime (FEC) policy
The ING Bank FEC Policy provides a clear statement of what is required by all ING Bank entities in order to guard against any involvement
in criminal activity, and to participate in international efforts to combat money laundering and the funding of terrorist and criminal
activities. The requirements in the ING Bank FEC Policy cover minimum standards and controls related to: money laundering, terrorist
financing, export trade controls, proliferation financing, sanctions (economic, financial and trade) and countries designated by ING Bank as
Ultra High Risk Countries (UHRC).
The ING Bank FEC Policy directly reflects relevant national and international laws, regulations and industry standards. The ING Bank FEC
Policy is mandatory and applies to all ING banking entities, majority owned ING business, businesses under management control, staff
departments, product lines and to all client engagements and transactions.
Management of ING Bank entities introduce appropriate local procedures that enable them to comply with local laws, regulations and the
relevant ING Bank FEC Policy. Where local laws and regulations are more stringent, the local laws and regulations are applied. Likewise the
FEC Policy prevails when the standards therein are stricter than local laws and regulations.
As a result of frequent evaluation of all businesses from economic, strategic and risk perspectives ING Bank continues to believe that for
business reasons doing business involving certain specified countries should be discontinued. In that respect, ING has a policy not to enter
into new relationships with clients from these countries and processes remain in place to discontinue existing relationships involving these
countries. At present these countries are Myanmar, North Korea, Sudan, South Sudan, Syria, Iran and Cuba. Each of these countries is
subject to a variety of EU, US and other sanctions regimes. Cuba, Iran, Sudan, and Syria are identified by the US as state sponsors of
terrorism and are subject to U.S. economic sanctions and export controls.
310 ING Group Annual Report 2013